Message-ID: <c27a4f9b-e468-93a2-c14d-20f45a5a103b@gmail.com>
Date:   Mon, 27 Dec 2021 22:56:32 +0000
From:   "Colin King (gmail)" <colin.i.king@...il.com>
To:     Xiang Chen <chenxiang66@...ilicon.com>
Cc:     John Garry <john.garry@...wei.com>,
        "James E.J. Bottomley" <jejb@...ux.ibm.com>,
        "Martin K. Petersen" <martin.petersen@...cle.com>,
        "linux-scsi@...r.kernel.org" <linux-scsi@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: re: scsi: hisi_sas: Fix some issues related to,
 asd_sas_port->phy_list

Hi,

Static analysis with clang-scan has found a dereference of an 
uninitialized pointer in drivers/scsi/hisi_sas/hisi_sas_main.c 
introduced by the following recent commit:

commit 29e2bac87421c613782ccb510c76c5efbecac0cf
Author: Xiang Chen <chenxiang66@...ilicon.com>
Date:   Mon Dec 20 19:21:28 2021 +0800

     scsi: hisi_sas: Fix some issues related to asd_sas_port->phy_list

The issue is as follows:

static void hisi_sas_send_ata_reset_each_phy(struct hisi_hba *hisi_hba,
                                              struct asd_sas_port *sas_port,
                                              struct domain_device *device)
{
         struct hisi_sas_tmf_task tmf_task = { .force_phy = 1 };
         struct ata_port *ap = device->sata_dev.ap;
         struct device *dev = hisi_hba->dev;
         int s = sizeof(struct host_to_dev_fis);
         int rc = TMF_RESP_FUNC_FAILED;
         struct asd_sas_phy *sas_phy;

sas_phy is not initialized ^

         struct ata_link *link;
         u8 fis[20] = {0};
         u32 state;
         int i;

         state = hisi_hba->hw->get_phys_state(hisi_hba);
         for (i = 0; i < hisi_hba->n_phy; i++) {
                 if (!(state & BIT(sas_phy->id)))
                         continue;

sas_phy is being dereferenced

The commit referenced above removed the statement:

    list_for_each_entry(sas_phy, &sas_port->phy_list, port_phy_el)


..that set sas_phy. Now we don't have this, so sas_phy is not initialized.

Colin
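
Added example, not part of the message above and not the hisi_sas driver's code or its eventual fix: a reduced model of the loop in which every per-phy test is keyed on the loop index, so nothing depends on a list cursor that is no longer assigned. The struct names, the `phys_to_reset` helper, the port-membership mask and the sample values are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define BIT(n) (1u << (n))

/* Hypothetical, reduced stand-ins for the driver structures. */
struct model_hba  { int n_phy; uint32_t phys_state; };  /* bit i set: phy i is up */
struct model_port { uint32_t phy_mask; };               /* bit i set: phy i is in the port */

/*
 * Returns a bitmask of the phys that would be sent a reset.
 * Both checks use the loop index i, so no variable is read
 * before it has been assigned.
 */
static uint32_t phys_to_reset(const struct model_hba *hba,
                              const struct model_port *port)
{
    uint32_t selected = 0;
    int i;

    for (i = 0; i < hba->n_phy; i++) {
        if (!(port->phy_mask & BIT(i)))    /* phy does not belong to this port */
            continue;
        if (!(hba->phys_state & BIT(i)))   /* phy is down */
            continue;
        selected |= BIT(i);
    }
    return selected;
}

int main(void)
{
    /* Constructed sample values. */
    struct model_hba hba = { .n_phy = 4, .phys_state = 0xB };  /* phys 0, 1, 3 up */
    struct model_port port = { .phy_mask = 0x6 };              /* phys 1, 2 in port */

    printf("reset mask: 0x%x\n", (unsigned)phys_to_reset(&hba, &port));
    return 0;
}
```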
